Category: Communication Media & Internet

The “Dot-Brand” Explosion: What You Need To Do Now

Dickinson Wright LogoEarlier this year the company that manages the global internet address system (the Internet Corporation for Assigned Names and Numbers, or ICANN) accepted the first round of applications for new “generic top level domains,” or gTLDs – the part of an address that goes to the right of the dot. Most businesses register domain names that use the familiar “.com” suffix or one of a handful of other available options such as “.org” or “.biz.” The new program makes it possible to register a business name, a trademark – indeed, virtually any word in any language – as a TLD in its own right. Depending on whose crystal ball you consult, this Dot-Brand initiative could revolutionize the way the internet works, or hopelessly complicate it, or both.

The initial application window recently closed. The list of applications offered a few surprises, a number of omens for the future – and some important action items for brand owners who did not apply for a gTLD this time around.

  • One surprise was the sheer number of applications. Originally, ICANN was anticipating 500 or so. In the end there were almost 2,000 (at $185,000 apiece!) The unexpected volume slowed down the application process, and will surely slow the review and approval process even more.
  • Many of the applications were for famous brand names (.chevy, .nikon, .walmart) and several were for geographic locations (.paris, .nyc, .amersterdam). The most interesting ones were for generic terms like .art, .tech, and .store, which will be of interest to a great many people. Lots of brand owners in the auto industry, forexample, may want to be part of the “.cars” domain.
  • Not surprisingly, many of these generic domains are the subject of multiple applications: thirteen for .app; seven each for .mail and .news; nine for .shop. There will be a lengthy dispute-resolution process, probably culminating in an old-fashioned auction to the highest bidder, to see who ultimately gains control of these domains.

A recent survey of attorneys responsible for protecting trademarks found that while 91 percent were aware of the new gTLD program, only 36 percent had read the Applicant Guidebook, which explains how the process work. That Guidebook, and the initial application list, suggests some important steps you should take now to protect your brand:

1. Make sure no one has applied for a domain that incorporates one of your trademarks. A formal objection period for addressing such issues is now open and will run until January 2013.

2. Identify “generic” domains of interest, and investigate the applicants and their business plans. If you’re in the financial services sector, for example, you’ll want to know who’s behind the applications for .bank, .broker, .finance, .fund, .insurance, .investsments, .lifeinsurance, .loans, .money, .mutualfunds, and others. A 60-day comment period, open to anyone, runs through August 12; if there is something ICANN ought to know about one or more of the applicants or proposed domains, now is the time to tell them.

3. Start planning for defensive domain-name registrations in appropriate generic and geographic domains. Depending on the business you’re in, you may want to make sure you are the first to register your company name and key trademarks within appropriate domain names – before someone else does. The “someone else” could be a competitor, or just an old-fashioned cyber-squatter of the sort brand owners have been dealing with in the .com sphere for years. And don’t forget about domains like “.sucks,” where having someone else register your brand could be embarrassing.

The best defense is a good offense. Starting in October 2012, for a small fee you will be able to list your brand names in ICANN’s Trademark Clearinghouse; anyone that tries to register your brand as a domain name will be advised of your rights.

Does a Valid Copyright Exist in the Song “Happy Birthday To You”?

Mintz Logo

Ownership of a copyright in one of the most popular songs in the English language has recently been challenged in several lawsuits around the country.  At the heart of the dispute is whether the music publisher Warner Chappell legitimately owns a copyright in, and thus has the right to license (and enforce) the rights to, the ubiquitous song “Happy Birthday to You.”  Since it acquired a company in 1998 that claimed to own the rights in this song, some have estimated that Warner makes as much as $2M per year licensing the rights to use this song in various movies and television shows.  Two recently filed lawsuits are challenging this ownership claim and seek a ruling that the rights to the song have passed into the public domain.

The long and tortured history of the song, which has been methodically detailed by Professor Robert Brauneis in his excellent article on the topic, begins with the melody of the song which was originally written in the late 19th Century by two sisters, Mildred and Patty Hill.  Although there is still some dispute over the originality of the melody, Professor Bauneis’s research indicates it may have been wholly original even if loosely based on prior folk songs. What is undisputed, however, is that the Hill sisters’ melody was first published in a collection of children’s songs in 1893.  That melody (with different lyrics) was originally titled “Good Morning to All,” and was intended to be used as a greeting by teachers to their students.  What may be forever lost to history is who combined the current words with the Hill sisters’ melody and when. There is evidence from as early as 1911 that the current words and melody (i.e., the “Good Morning to All” melody) were being used together.

 Warner argues that its rights stem from two principal sources acquired over the years through many corporate mergers: (1) a 1935 piano arrangement of the melody of the song, which critics have noted is a specific arrangement of the song that is not the popular version known today, and (2) a copyright registration in a 1924 songbook containing the lyrics.

The suits challenge Warner’s claimed rights on several grounds. One is lack of originality. To be protected by copyright, a work must be sufficiently “original.”  Plaintiffs allege that Warner’s claimed versions of the song are not original enough, and do not protect the version of the song we know today.  Second, they allege that the version of the music in which Warner claims rights, the specific 1935 piano arrangement of the song, is not sufficiently similar to the current version to enable it to claim any rights in the current version. Finally, according to the Plaintiffs, any copyright in the prior versions expired long ago, either through term limits on copyright protection or through the failure of the original owners to properly renew those rights many years ago.

Since the license fees Warner charges for use of the song are not exorbitant, there has been little financial incentive for anyone to take Warner to court over the rights to the song. Since multiple litigations are now pending, there will likely be amicus briefs filed on plaintiffs’ side from many sources. This “crowdsourcing” of history, knowledge and effort (and cost) in re-creating as accurate a picture as possible of the history of the rights of this song is probably the best chance yet of getting to the bottom of the long open question regarding the ownership of “Happy Birthday to You.”

Article By:

 of

Update on Advanced Micro Devices (AMD) Trade Secret Misappropriation Case: Judge Hillman Issues Narrow Interpretation of the Computer Fraud and Abuse Act (CFAA)

RaymondBannerMED

As originally discussed on this blog back in February, a lawsuit brought by Advanced Micro Devices (AMD) against former employees accused of taking AMD trade secrets with them to competitor Nvidia has been ongoing and a recent opinion in the case highlights the uncertainty surrounding the Computer Fraud and Abuse Act (CFAA).

recent opinion issued by Judge Timothy S. Hillman narrowly interpreted the CFAA in this case. Judge Hillman declined a broad interpretation of the CFAA and held that AMD’s allegations in its complaint are insufficient to sustain a CFAA claim.

The relevant portion of the CFAA provides that it is a violation of the CFAA to:

Knowingly and with intent to defraud, [access] a protected computer without authorization or [exceed] authorized access, and by means of such conduct [further]the intended fraud and [obtain] anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.

computer broadcast world

There exists a circuit split on the interpretation of this clause. As Judge Hillman noted, the 1st Circuit has not clearly articulated its position on the issue. The broad interpretation defines access in terms of agency or use. That is, whenever an employee breaches a duty of loyalty or a contractual obligation and acquires an interest adverse to their employer, then all subsequent access exceeds the scope of authorized access. Proponents of the narrower interpretation argue that the intent of the CFAA was to deter computer hacking and not to supplement common law trade secret misappropriation remedies and therefore fraudulent means must be used to obtain the information initially.

Judge Hillman utilized a narrow interpretation of the CFAA and held that AMD had not pleaded sufficient facts to maintain a cause of action under the CFAA. AMD had pleaded that the defendants used their authorized access to computer systems to download and retain confidential AMD information which they retained when they left to go work at Nvida. The complaint, while alleging the defendants had the intent to defraud AMD, provided no facts which support the allegation that the defendants obtained the information through fraudulent or deceptive methods.

Judge Hillman did not outright dismiss the claim given the truncated evidentiary record and has allowed AMD the opportunity to plead specific details indicating that some or all of the defendants used fraudulent or deceptive means to obtain the confidential information and that they intentionally defeated or circumvented technologically implemented restrictions to obtain the confidential information. If other judges in the 1st Circuit follow Judge Hillman’s approach, plaintiffs will need to ensure that they plead with sufficient detail that the defendants obtained the information through a fraudulent or deceptive method as opposed to simply obtaining the information through permissible access.

The Value of Having an In-House E-Discovery Process

Marcus Evans

Having an end-to-end process in place for electronic discovery (e-discovery) and litigation management is critical, says Raquel Tamez, Principal/Deputy General Counsel, Litigation, Computer Sciences Corporation and speaker at the marcus evans Chief Litigation Officer Summit Fall 2013. Even if outside counsel and multiple service providers are involved, Chief Litigation Officers (CLOs) need to have a process, identify the various stakeholders, and determine and define their respective responsibilities. According to Tamez, that is the best approach to take.

How should CLOs approach e-discovery?

It is different for each company. There are opportunities for cost savings if companies can bring some of the data collection and processing in-house, but not every company has that capability or the appropriate litigation profile to justify the time and expense of doing so.

Nevertheless, CLOs should have a “process” in place whether entirely outsourced or entirely in-house or a hybrid. Having an end-to-end process for e-discovery is critical. CLOs may be inclined to simply hand-off the e-discovery function to its outside counsel who, in turn, utilize various service providers with different data processing capabilities and various document review platforms. There is a lack of efficiency and cost effectiveness with this hand-off approach. The better approach is for the CLO to have a robust, documented, end-to-end e-discovery process and “playbook” that outside counsel is required to follow. The process, ideally, should identify the CLO’s exclusive, full-service e-discovery service provider or at a minimum a list of service providers that have been vetted by the CLO’s legal staff and the company’s IT personnel. CLOs will, necessarily, have to invest time and some money to create and build out the process. These front-end costs will result in significant cost-savings in the long-run.

What is the next step? How does this lead to cost savings?

The key to cost-savings here is to have a repeatable process and not an ad hoc approach where the wheel must be reinvented every time a piece of litigation or an investigation is initiated. If the e-discovery process is well-executed, all relevant stakeholders, will know what to do, when do it, how to do it, and who to go to if any doubt. The transparency in the process leads to defensibility and ultimately, savings in both time and monies.

 of

Third-Party Litigation Funding Comes of Age

NEWLogoBurford_Final

Law firm Chief Marketing Officers (CMOs) are on the front line of client development, and thus have an unobstructed view of how the legal market for complex litigation is developing. As budget pressures continue to weigh on corporate general counsel, the need for law firms to adjust their pricing to secure new clients is clearly being felt – some firms are now hiring specialty personnel to focus solely on the question of proper pricing. CMOs are thus actively speaking the lingua franca of today’s latest fee structures – from RFPs to AFAs and discounted fees.

Given this, it is surprising to discover that many otherwise business savvy CMOs know little about the emergence of commercial litigation finance. While some are keenly aware of the new industry’s progress – and eager to share their involvement in the funding of multiple cases – others are seemingly unfamiliar with the advent of specialist funding companies and the business development opportunities that they could present for them.

In fairness, due to the often confidential nature of commercial litigation finance, the commercial litigation finance industry has been somewhat constrained in publicizing itself. One example of this is at a recent conference I sat next to the sharp CMO of a top firm who asked me what litigation finance did and what company I worked for. I explained to him that we financed legal fees in multi-million dollar cases, and that we had recently funded a case involving his own firm!

At its most basic level, litigation finance is very straightforward. A third-party funds legal fees and expenses associated with a litigation or arbitration, in return for a portion of the ultimate proceeds (settlement or judgment), if any. Importantly, the funding is typically “non-recourse”, meaning that if there is no recovery for the plaintiff, the litigation financier receives no fee.

Claimants have historically found ways to fund their cases – with available capital, through a bank loan, or by agreeing to a contingency fee with their attorney. What has changed recently is the emergence of specialty finance companies that limit their work to the financing of litigation. These firms – which first appeared in Australia a decade ago, and are now active in the United Kingdom and the United States.  They typically invest in large-scale and complex commercial litigation, with investments (and thus legal fees) on the order of several million dollars.

Not all cases are appropriate for litigation financing, and certain criteria must be met as part of a careful due diligence process. Four considerations include:

  1. the merits of the claim – the case must stand a very strong chance of success on the law and facts;
  2. the ratio of costs/proceeds – the ratio of legal fees (and other costs) must be in proper proportion to the expected proceeds (to allow for reasonable costs associated with financing – typically a ratio of at least 1:4 is required);
  3. the duration of the proceedings – as the cost of financing will usually be related to the time the case takes to resolve (given the time value of money), notice must be paid to the expected length of the case; and
  4. the enforceability of judgment – it must be clear at the outset that, if the claim is successful, the plaintiff will be able to collect its judgment from the defendant.

Once an investment is made, litigation financiers are careful as to their involvement in a given case. Important rules of legal ethics are respected so that the funder does not interfere with case strategy, settlement decisions, or the attorney-client relationship. And, as mentioned above, the financing is typically kept confidential between the parties.

Given the challenge of drawing in new clients, law firm CMOs must leverage every available advantage. In several business development scenarios, the prospect of litigation finance can help:

  • Fee negotiations – in situations where a client would prefer to work with a given firm – but the client will not (or cannot) pay the firm’s standard hourly fees – financing can be used to pay such fees and allow the case to proceed;
  • Alternative to contingency fee – in situations where a firm is asked to act on a contingency fee basis, a litigation financier can step in to provide a similar result: the firm receives its standard hourly fees, paid for by the funder, which in turn only receives compensation in the event of a “win” (sometimes referred to as a “synthetic contingency”);
  • RFP (request for proposal) – in situations where an RFP has been issued by a potential client, a firm’s response may be better received if it makes proper mention of litigation finance as an innovative variation to AFA (alternative fee arrangements); and
  • Fee “fatigue” – in situations where an existing client involved in extended litigation has begun to express concern regarding mounting fees (perhaps on the eve of trial), litigation finance can offer immediate cash-flow relief and allow the firm to receive its full fees.

In short, litigation finance can offer law firm CMOs (and anyone involved in legal business development) a new tool with which to hammer out difficult pricing issues and fee structures for big-ticket litigation.

Article By:

 of

Basic Guidelines for Protecting Company Trade Secrets

Lewis & Roca

Under the Uniform Trade Secrets Act (UTSA), “trade secrets” are generally defined as confidential proprietary information that provides a competitive advantage or economic benefit. Trade secrets are protected under the Economic Espionage Act of 1994 (EEA) at the federal level, and the vast majority of states have enacted statutes modeled after the UTSA (note that some jurisdictions, such as California, Texas and Illinois, have adopted trade secret laws that differ substantially from the UTSA; thus, businesses should research laws in the relevant jurisdiction(s).). Under the UTSA, to be protectable as a trade secret, information must meet three requirements:

i. the information must fall within the statutory definition of “information” eligible for protection;

ii. the information must derive independent economic value from not being generally known or readily ascertainable by others using appropriate means; and

iii. the information must be the subject of reasonable efforts to maintain its secrecy.

Trade secret theft continues to accelerate among U.S. companies, and can have drastic consequences. To combat this threat, Congress and certain state legislatures have recently enacted legislation to broaden trade secret protection. As a result, it is paramount that companies safeguard all proprietary information that may qualify as protectable trade secrets. This blog post explains some key trade secrets concepts, and offers pointers on how to identify and protect trade secrets.

(1) Determine Which Data Constitutes “Information”

The UTSA-type statutes generally define “information” to include:

Financial, business, scientific, technical, economic, and engineering information;

Computer code, plans, compilations, formulas, designs, prototypes, techniques, processes, or procedures; and

Information that has commercial value, such as customer lists or the results of expensive research.

Courts have similarly interpreted “information” to cover virtually any commercially valuable information. Examples of information that has been found to constitute trade secrets includes pricing and marketing techniques, customer and financial information, sources of supplies, manufacturing processes, and product designs.

(2) “Valuable” and “Not Readily Ascertainable” Information

To be protectable, information must also have “economic value” and not be “readily ascertainable” by others. Courts generally determine whether information satisfies this standard by considering the following factors:

Reasonable measures have been put in place to protect the information from disclosure;

The information has actual or potential commercial value to a company;

The information is known by a limited number of people on a need-to-know basis;

The information would be useful to competitors and would require a significant investment to duplicate or acquire the information; and

The information is not generally known to the public.

(3) Take Reasonable Measures to Maintain Secrecy

Businesses should implement technical, administrative, contractual and physical safeguards to keep secret the information sought to be protected. Companies should identify foreseeable threats to the security of confidential information; assess the likelihood of potential harm flowing from such threats; and implement security protocols to address potential threats. Examples of security measures might include restricting access to confidential information on a need-to-know basis, employing computer access restrictions, circulating an employee handbook that outlines company policies governing confidential information, conducting entrance interviews for new hires to determine whether they are subject to restrictive covenants with former employers, conducting exit interviews with departing personnel to ensure that the employee has returned all company materials and agrees to abide by post-employment obligations, encrypting confidential information, limiting access to confidential information through passwords and network firewalls, track all access to network resources and confidential information, restrict the ability to email, print or otherwise transfer confidential information, employ security personnel, limit visitor access, establish surveillance procedures, and limit physical access to areas that may have confidential information.

Conclusion

This blog post is intended to provide some broad guidelines to identifying and protecting company trade secrets. Most if not all companies have confidential information that may be protectable as a trade secret. But certain precautions need to be in place to ensure that the information is protectable. Because each company and situation is different, you should seek advice about your specific circumstances.

Article By:

 of

New Data Breach Class Action has Two Million Plaintiffs

RaymondBannerMED

Cyber breaches resulting in the release of personal identifiable information (PII) are increasingly common and now we are starting to see class action lawsuits filed as a result. In what will likely be the beginning of a wave of lawsuits filed as a result of cyber breaches, Schnucks Markets, operator of 100 supermarkets across the Midwest, recently removed a class action lawsuit filed against it to federal court stemming from a data breach that occurred in March in which 2.4 million credit card numbers were stolen.

The Class action complaint alleges Schnucks failed to properly and adequately safeguard its customer’s personal and financial data. In addition to common law negligence and disclosure, the plaintiffs allege a violation of the Illinois Personal Information Protection Act which requires a data collector of personal information to notify individuals in the most expedient manner possible and without unreasonable delay. The complaint alleges Schnucks waited over two weeks to notify its customers and then did so only through a press release as opposed to providing actual notice to individual consumers. Apparently Schnucks struggled to find the source of the breach and this delay may have continued to expose the PII of people who shopped at its stores.

cybercrime graphicSchnuck’s notice of removal to federal court states the grounds for removal include a class size of more than 100 people and damages at issue are greater than $5 million. Schnucks also explains that the data breach was the result of criminals hacking into its electronic payment systems at 23 stores. Further, during the relevant period, 1.6 million credit or debit card transactions took place at these stores. Schnucks calculates that 500,000 unique credit or debit cards were involved thus the putative class has at least 500,000 members.

Damages alleged by the plaintiffs include having their credit card data compromised, incurring numerous hours cancelling their compromised cards, activating replacement cards and re-establishing automatic withdrawal payment authorizations as well as other economic and non-economic harm. Given that data breaches are becoming increasingly common it is likely that there will be more lawsuits filed similar to Schnucks in the near future. Legal counsel experienced in cyber risk and insurance can assist retailers and insurance companies with handling such problems as they arise.

Round Up – Intellectual Property and Cyber Security Things You May Have Missed (Including Some Good Summer Cocktail Banter Material)

Giordano Logo

Cyber Security Report – Earlier this year, Verizon released its 2013 Data Breach Investigations Report.  The report analyzes and presents data regarding the current state of various data breaches and network attacks.  Some of the results are surprising.

  •             92% of breaches are perpetrated by outsiders
  •             19% of breaches are attributed to state-affiliated actors
  •             76% of network intrusions exploit weak or stolen credentials
  •             66% took months or more to discover

Do Trademark Lawyers Matter? – An empirical study, published in the Stanford Technology Law Review, provided the results of a grueling analysis of 25 years worth of data from the United States Patent and Trademark Office records on whether being represented by a trademark attorney makes a difference in the likelihood of success in getting your mark registered.  The results?  YES!  It turns out that, overall, trademark applicants who are represented by an attorney are 50% more likely to have their marks registered.  The results are even more dramatic when an application faces an obstacle (e.g., an office action).  In those instances, applicants were found to be 68% more likely to proceed to publication when represented by counsel.  Perhaps its time for a national trademark lawyer appreciation day! (I’m not holding my breath).

Does Keyword Advertising Really Work?  eBay recently released a study, entitled “Consumer Heterogeneity and Paid Search Effectiveness: A Large Scale Field Experiment” which analyzed the effectiveness of eBay’s keyword advertising efforts.  So does keyword advertising really work?  Not so much.  According to the study, for well known brands (like eBay), new and infrequent users may be more influenced by keyword triggered advertisements.  But more experienced searchers and otherwise loyal brand users are not influenced by the ads.  When eBay stopped its keyword advertising, almost all of the traffic lost from the absence of the ad was picked up in the native search results.  It’s important to note, however, that this study was focused on a single well known brand.  The results may be quite different for other brands or for less well known brands.  Moreover, the study says nothing about the use of a trademark by a competitor as a keyword to drive traffic to the competitor’s website.

Marketing Your Mobile App – The FTC has released guidelines for mobile app developers when advertising their software.  The plain language guide is very high level, but does include some helpful tid bits to remember.  Highlights include:

  • Advertising is everything a company tells a prospective buyer about its app (whether its in the formal ad campaign or in other communications).
  • Don’t bury key disclosures in “dense blocks of legal mumbo jumbo” or behind hyperlinks.
  • Build in privacy by design, including principles used in selecting default settings.
  • If you change your privacy policy, you need to get user’s consent.  Merely editing the language of the policy isn’t enough.

Effective Disclosures in Digital Advertising – The FTC also released guidelines for online advertising.  This new guidance focuses on the peculiarities and challenges associated with online advertising.  Where this adds new value is in its analysis and detail (with examples!) of the following areas:

  • Proximity and Placement – where disclosures have to be placed to be effective
  • Hyperlinks – including proper labeling and placement
  • Prominence – including use of size, color and graphics
  • Distractions – risks from graphics, sounds and links that may distract from disclosures
  • Multimedia – use of audio and video

Attack on “Happy Birthday” Copyright.  Salon.com reported yesterday that a class action suit has been filed to attack the copyright in the popular birthday celebration tune.  According to the report, the lawsuit was prompted by a documentary uncovering evidence that the song was originally published as early as 1893 and that the current copyright is based on a 1924 publication date which grants the work 95 years of copyright protection.  Based on my count, there’s only about 6 years left in the alleged copyright to begin with.  Hopefully the lawsuit gets resolved before then.

Article By:

 of

China’s First-Ever National Standard on Data Privacy – Best Practices for Companies in China on Managing Data Privacy

Sheppard Mullin 2012

Companies doing business in China should take careful notice that China is now paying more attention to personal data privacy collection. This would be an opportune time for private companies to internally review existing data collection and management practices, as well as determine whether these fall within the new guidelines, and where necessary, develop and incorporate new internal data privacy practices.

The Information Security Technology-Guide for Personal Information Protection within Public and Commercial Systems (“Guidelines”), China’s first-ever national standard for personal data privacy protection, came into effect on February 1, 2013. The Guidelines, while not legally binding, are just what they purport to be – guidelines – some commentators view these as technical guidelines. However, the Guidelines should not be taken lightly as this may be a pre-cursor of new legislation ahead. China is not quite ready to issue new binding legislation, but there are indications it seeks to develop consistency with other internationally accepted practices, especially following recent data legislation enacted in the region by neighboring Hong Kong and other Asian countries.

What should companies look for when examining existing data privacy and collection policy and practices? As the Guidelines provide for rules on collecting, handling, transferring and deleting personal information, these areas of a company’s current policies should be reviewed.

“Personal Information”

What personal information is subject to the Guidelines? The Guidelines define “personal information” as “computer data that may be processed by an information system, relevant to a certain natural person, and that may be used solely or along with other information to identify such natural person.”

“General” and “Sensitive” Personal Information

The Guidelines makes a distinction on handling “general” as opposed to “sensitive” personal information. Sensitive personal information is defined as “information the leakage of which will cause adverse consequences to the subject individual” e.g. information such as an individual’s identity card, religious views or fingerprints.

Consent Required

If an individual’s personal information is being collected, that individual should be informed as to the purpose and the scope of the data being collected; tacit consent must be obtained- the individual does not object after being well informed. With “sensitive” personal information being collected, a higher level of consent must be obtained prior to collection and use; the individual must provide express consent and such evidence be retained.

Notice

Best practices dictate a well-informed notice be given the individual prior to collection of any personal information. The notice should clearly spell out, among other items, what information is being collected, the purpose for which the information will be used, the method of collection, party to whom the personal information will be disclosed and retention period.

Cross Border Transfer

The Guidelines further limit the transfer of personal information to any organization outside of P.R. China except where the individual provides consent, the government authorizes the transfer or the transfer is required by law. It is unclear as to which law applies where transfer is “required by law”- PRC law or law of any other country.

Notification of Breach

There is a notification requirement. The individual must be notified if personal information is lost, altered or divulged. If the breach incident is material, then the “personal information protection administration authority.” The Guidelines, however, do not define or make clear this administration authority is here.

Retention and Deletion

Best practices for a company is to minimize the amount of personal information collected. Personal information once used to achieve their intended purpose should not be stored and maintained, but immediately deleted.

The Guidelines may not be binding authority, but at a minimum sets certain standards for the collection, transfer and management of personal information. Especially for companies operating in China, the Guidelines is a call to action, and for implementation of best practices relating to data privacy. Companies should take this opportunity to assess their data privacy and security policies, review and revise customer information intake procedures and documentation, and develop and implement clear, company-wide internal data privacy policies and methods.

Article By:

 of

Social Media & Emerging Employer Issues: Are You Protected?

McBrayer NEW logo 1-10-13

On June 13, 2013, Business First of Louisville and McBrayer hosted the second annual Social Media Seminar. The seminar’s precedent, Social Media: Strategy and Implementation, was offered in 2012 and was hugely successful. This year’s proved to be no different. Presented by Amy D. Cubbage and Cynthia L. Effinger, the seminar focused on emerging social media issues for employers. If you missed it, you missed out! But don’t worry, a seminar recap is below and for a copy of the PowerPoint slides click here.

McBrayer: If a business has been designated an entity that must comply with HIPAA, what is the risk of employees using social media?

Cubbage: Employers are generally liable for the acts of their employees which are inconsistent with HIPAA data privacy and security rules. As employees’ use of social networking sites increase, so does the possibility of a privacy or security breach. An employee may be violating HIPAA laws simply by posting something about their workday that is seemingly innocent. For instance, a nurse’s Facebook status that says, “Long day, been dealing with a cranky old man just admitted into the ER” could be considered a HIPAA violation and expose an employer to sanctions and fines.

 

McBrayer: Should businesses avoid using social media so that they will not become the target of social media defamation?

Effinger: In this day and age it is hard, if not impossible, for a business to be successful without some use of social media. There is always the risk that someone will make negative comments about an individual or a business online, especially when anonymity is an option. Employers need to know the difference between negativity and true defamation. Negative comments or reviews are allowed, perhaps even encouraged, on some websites. If a statement is truly defamatory, however, then a business should make efforts to have the commentary reported and removed. The first step should always be to ask the internet service provider for a retraction of the comment, but legal action may sometimes be required.

 

McBrayer: When does a negative statement cross the line and become defamation?

Effinger: It is not always easy to tell. First, a statement must be false. If it is true, no matter how damaging, it is not defamation. The same goes for personal opinions. Second, the statement must cause some kind of injury to an individual or business, such as by negatively impacting a business’s sales, to be defamation.

 

McBrayer: Can employers ever prevent employees from “speaking” on social media?

Effinger: Employers should always have social media policies in place that employees read, sign, and abide by. While it is never really possible to prevent employees from saying what they wish on social media sites, some of their speech may not be protected by the First Amendment’s freedom of speech clause.

 

McBrayer: What constitutes “speech” on the internet? Is “liking” a group on Facebook speech? How about posting a YouTube video?

Effinger: This is a problem that courts and governmental employment agencies, like the National Labor Relations Board, are just starting to encounter. There is no bright-line rule for what constitutes “speech,” but it is safe to say that anything an employee does online that is somehow communicated to others (even “liking” a group or posting a video) qualifies.

 

McBrayer: Since a private employer is not bound by the First Amendment, can they terminate employees for social media actions with no repercussions?

Effinger: No! In fact, it could be argued that private employees are afforded more protection for what they say online than public employees. While a private employer has no constitutional duty to allow free speech, the employer is subject to state and federal laws that may prevent them from disciplining an employee’s conduct. As a general rule, private employees have the right to communicate in a “concerted manner” with respect to “terms and conditions” of their employment. Such communication is protected regardless of whether it occurs around the water cooler or, let’s say, on Twitter.

 

McBrayer: It seems like the best policy would be for employers to prohibit employees from discussing the company in any negative manner. Is this acceptable?

Effinger: It is crucial for companies to have social media policies and procedures, but crafting them appropriately can be tricky. There have been several instances where the National Labor Relations Board has reviewed a company’s policy and found its overly broad restrictions or blanket prohibitions illegal. Even giant corporations like General Motors and Target have come under scrutiny for their social media policies and been urged to rewrite them so employees are given more leeway.

 

McBrayer: Is social media a company asset?

Cubbage: Yes! Take a moment to consider all of the “followers”, “fans”, or “connections” that your business may have through its social media accounts. These accounts provide a way to constantly interact with and engage clients and customers. Courts have recently dealt with cases where a company has filed suit after a rogue employee stole a business account in some manner, for instance by refusing to turn over an account password. Accounts are “assets,” even if not tangible property.

 

McBrayer: What is the best way for an employer to protect their social media accounts?

Cubbage: Social media accounts should first be addressed in a company’s operating agreement. Who gets the accounts in the event the company splits? There are additional steps every employer should take, such as including a provision in social media policies that all accounts are property of the business. Also, there should always be more than one person with account information, but never more than a few. Treat social media passwords like any other confidential business information – they should only be distributed on a “need to know” basis.

Article By:

 of